Appendix 6. Examples of running AppSec.Hub CLI scripts

Scanning a codebase: scan_codebase.py

py scan_codebase.py --url http://hub.dev.swordfishsecurity.com/ \
    --token ***** \
    --appcode 0902202-1_cli \
    --codebase "http://gitlab.service.swordfishsecurity.com/test/java-web-project.git;master;;/;java-web-project" "http://gitlab.service.swordfishsecurity.com/test/web-project.git;master;;/web-project;web-projectweb-project;web-project" \
    --branch-filter develop

Scanning an artifact by URL: scan_artifact.py

File storage (Login/Password)

py scan_artifact.py \
    --url http://hub.dev.swordfishsecurity.com/ \
    --token ****** \
    --appcode 19042021_test_create_org \
    --artifact https://docker.swordfishsecurity.com/nginx/apk/auth/app-prod-debug-1.0.apk \
    --artifact https://docker.swordfishsecurity.com/nginx/apk/auth/app-prod-debug-2.0.apk

File storage (Anonymous)

py scan_artifact.py \
    --url http://hub.dev.swordfishsecurity.com/ \
    --token ****** \
    --appcode 19042021_test_create_org \
    --artifact https://docker.swordfishsecurity.com/nginx/apk/app-prod-debug-1.0.apk \
    --artifact https://docker.swordfishsecurity.com/nginx/apk/app-prod-debug-2.0.apk

type: maven (with classifier)

python scan_artifact.py \
    --url http://hub.dev.swordfishsecurity.com \
    --token ****** \
    --appcode 09022021_cli \
    --artifact https://nexus.dev.swordfishsecurity.com/repository/maven-releases/com/appsecco/456776543/1.09/456776543-1.09-classifer.war \
    --artifact https://nexus.dev.swordfishsecurity.com/repository/maven-releases/com/appsecco/456776543/1.10/456776543-1.10-classifer.war

type: yum

py scan_artifact.py --url http://hub.dev.swordfishsecurity.com \
    --token ***** \
    --appcode 09022021_cli \
    --artifact https://nexus.dev.swordfishsecurity.com/repository/postid-yum/pochtaid-user-history.assembly-4.5.0-SNAPSHOT20200619055220.noarch.rpm \
    --artifact https://nexus.dev.swordfishsecurity.com/repository/postid-yum/pochtaid-user-history.assembly-4.5.1-SNAPSHOT20200619055220.noarch.rpm

type: docker

Method 1

py scan_artifact.py \
    --url http://hub.dev.swordfishsecurity.com/ \
    --token ***** \
    --appcode 09022021_cli \
    --artifact https://nexus.test.swordfishsecurity.com:8083/java-web-project:9.17 \
    --artifact https://nexus.test.swordfishsecurity.com:8083/java-web-project-2:9.17

Method 2

py scan_artifact.py \
    --url http://hub.dev.swordfishsecurity.com/ \
    --token ***** \
    --appcode 09022021_cli \
    --artifact https://nexus.service.swordfishsecurity.com:8086/hub-core:1.4.5.7 \
    --artifact https://nexus.service.swordfishsecurity.com:8086/hub-core:1.4.5.8

type: npm

py scan_artifact.py \
    --url http://hub.dev.swordfishsecurity.com \
    --token ***** \
    --appcode 09022021_cli \
    --artifact https://nexus.dev.swordfishsecurity.com/repository/npm-group/ngclipboard/-/ngclipboard-2.0.0.tgz \
    --artifact https://nexus.dev.swordfishsecurity.com/repository/npm-group/ngclipboard/-/ngclipboard-2.1.0.tgz

Scanning an application instance: scan_instance.py

py scan_instance.py --url http://hub.dev.swordfishsecurity.com/ \
    --token ***** \
    --appcode 0902202-1_cli \
    --instance-url http://hub.dev.swordfishsecurity.com \
    --instance-name inst1 \
    --stage ST

Importing results: import_results.py

Importing results from Checkmarx

py import_results.py \
    --url https://hub.dev.swordfishsecurity.com \
    --token ***** \
    --appcode 09022021_cli \
    --codebase "http://gitlab.service.swordfishsecurity.com/test/java-web-project.git;master;;/;java-web-project" "http://gitlab.service.swordfishsecurity.com/test/web-project.git;master;;/web-project;web-projectweb-project;web-project" \
    --cx-tool-url https://cx93.dev.swordfishsecurity.com \
    --cx-project-name kg_19082021_2_-master_1 \
    --cx-team /CxServer/asdfsadfASDFASDF/kg_19082021_2 \
    --quality-gate no-critical-issues

Importing results from Dependency-Track

py import_results.py \
    --url https://hub.dev.swordfishsecurity.com \
    --token ***** \
    --appcode 09022021_cli \
    --codebase "http://gitlab.service.swordfishsecurity.com/test/java-web-project.git;master;;/;java-web-project" "http://gitlab.service.swordfishsecurity.com/test/web-project.git;master;;/web-project;web-projectweb-project;web-project" \
    --dt-tool-url http://dep-track.rnd.swordfishsecurity.com \
    --dt-project-name Dependency_Track_java-web-project-master \
    --dt-project-uuid 619821d4-368d-4f5e-a52f-18d73d97ecb9 \
    --quality-gate no-critical-issues

Importing results from PT Application Inspector

py import_results.py \
    --url https://hub.dev.swordfishsecurity.com \
    --token ***** \
    --appcode 09022021_cli \
    --codebase "http://gitlab.service.swordfishsecurity.com/test/java-web-project.git;master;;/;java-web-project" "http://gitlab.service.swordfishsecurity.com/test/web-project.git;master;;/web-project;web-projectweb-project;web-project" \
    --ptai-tool-url https://ptai.dev.swordfishsecurity.com \
    --ptai-project-id 2e96ce1d-1a32-4376-bfca-f7f1a17128c9 \
    --ptai-scan-results-id c40b439e-0312-4a38-9bb8-8cea931b3bd9 \
    --quality-gate no-critical-issues

Importing results from Nexus (artifacts)

py import_results.py \
    --url https://hub.dev.swordfishsecurity.com \
    --token ***** \
    --appcode 09022021_cli \
    --artifact "https://nexus.dev.swordfishsecurity.com/repository/maven-releases/com/example/hub-core-f05f76e5ed7a/1.0.5454-test-task/hub-core-f05f76e5ed7a-1.0.5454-test-task.tar;Artifact-1" \
    --artifact "https://nexus.test.swordfishsecurity.com/repository/maven-releases/com/example/hub-core/1.0.5452-test-task/hub-core-1.0.5452-test-task.tar;Artifact-2" \
    --artifact "https://nexus.test.swordfishsecurity.com/repository/maven-releases/com/example/hub-ui/1.0.5452-test-task/hub-ui-1.0.5452-test-task.tar;Artifact-3" \
    --nxiq-tool-url https://nxiq.test.swordfishsecurity.com \
    --nxiq-app 12072021_nxiq_java-web-projectdocker \
    --nxiq-org "Dev Company" \
    --nxiq-app multi-docker \
    --nxiq-report 5bbfc21a24864254a58c905d475a0ea4 \
    --nxiq-stage build

Importing results from Aqua Security

py import_results.py \
    --url https://hub.dev.swordfishsecurity.com \
    --token ***** \
    --appcode Aqua_demo \
    --artifact https://nexus.dev.swordfishsecurity.com:8083/java-web-project:1.17 \
    --aqua-tool-url https://aqua.dev.swordfishsecurity.com \
    --aqua-registry aqua-demo_java-web-project-docker